package com.m4f.appengine.utils.security.authentication;

import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.google.appengine.api.users.User;
import com.google.appengine.api.users.UserServiceFactory;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
import com.m4f.appengine.utils.security.user.registry.AppUser;
import com.m4f.appengine.utils.security.user.token.GoogleAccountAuthenticationToken;

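/**
 * Servlet filter that keeps the Spring Security context in step with the
 * Google App Engine (GAE) Users service.
 *
 * <p>On every request the filter reads the current Spring Security
 * {@link Authentication} and the current GAE {@link User}. If both exist but
 * do not describe the same account, the security context is cleared and any
 * existing HTTP session is invalidated. If no Spring authentication is present
 * while a GAE user is, the filter authenticates that user through the
 * configured {@link AuthenticationManager}.
 *
 * <p>NOTE(review): the session identifier is not rotated in this class after a
 * successful authentication; confirm that session-fixation protection is
 * applied elsewhere in the filter chain.
 */
public class GaeAuthenticationFilter extends GenericFilterBean {

	private static final Logger LOGGER = Logger.getLogger(GaeAuthenticationFilter.class.getName());
	
	/** Builds the request details attached to each authentication token. */
	private final AuthenticationDetailsSource ads = new WebAuthenticationDetailsSource();
	/** Required collaborator; checked in {@link #afterPropertiesSet()}. */
	private AuthenticationManager authenticationManager;
	/** Invoked when the manager rejects the GAE user; replaceable via setter. */
	private AuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();

	/**
	 * Reconciles the Spring Security context with the GAE user, then continues
	 * the chain.
	 *
	 * @param request  the incoming request; cast to {@link HttpServletRequest}
	 *                 when the session or request details are needed
	 * @param response the outgoing response; cast to
	 *                 {@link HttpServletResponse} on authentication failure
	 * @param chain    the remaining filter chain
	 * @throws IOException      propagated from the chain or the failure handler
	 * @throws ServletException propagated from the chain or the failure handler
	 */
	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		
		Authentication authentication = SecurityContextHolder.getContext()
				.getAuthentication();
		User googleUser = UserServiceFactory.getUserService().getCurrentUser();
		
		if (authentication != null
				&& !loggedInUserMatchesGaeUser(authentication, googleUser)) {
			// The application identity no longer agrees with the GAE identity:
			// drop it rather than keep serving the request as the old user.
			SecurityContextHolder.clearContext();
			authentication = null;
			// getSession(false) never creates a session, so a request without
			// one is not given a fresh session merely to have it invalidated.
			HttpServletRequest httpRequest = (HttpServletRequest) request;
			if (httpRequest.getSession(false) != null) {
				httpRequest.getSession(false).invalidate();
			}
		}

		if (authentication == null) {
			if (googleUser != null) {
				// NOTE(review): the GAE user object is written to the log at
				// INFO; presumably this includes the account e-mail — confirm
				// that is acceptable for the log retention in use.
				LOGGER.info("Currently logged on to GAE as user "
								+ googleUser);
				LOGGER.info("Authenticating to Spring Security");
				// User has returned after authenticating via GAE. Need to
				// authenticate through Spring Security.
				GoogleAccountAuthenticationToken token = 
					new GoogleAccountAuthenticationToken(googleUser, null);
				token.setDetails(ads.buildDetails((HttpServletRequest) request));
				try {
					authentication = authenticationManager.authenticate(token);
					SecurityContextHolder.getContext().setAuthentication(
							authentication);
				} catch (AuthenticationException e) {
					// Rejected by the manager: hand over to the failure handler
					// and stop, so the rest of the chain never runs.
					failureHandler.onAuthenticationFailure(
							(HttpServletRequest) request,
							(HttpServletResponse) response, e);
					return;
				}
			}
		}
		chain.doFilter(request, response);
	}

	/**
	 * Tells whether the Spring Security principal and the GAE user refer to
	 * the same account, judged by e-mail address.
	 *
	 * <p>Any case that cannot be positively matched is reported as a mismatch:
	 * no GAE user, a principal that is not an {@link AppUser}, or a principal
	 * without an e-mail address.
	 *
	 * <p>NOTE(review): identity is compared by e-mail only; if AppUser also
	 * carries a stable account identifier, comparing that may be more robust —
	 * confirm against AppUser.
	 *
	 * @param authentication the current Spring Security authentication
	 * @param googleUser     the current GAE user, or {@code null} if none
	 * @return {@code true} only when both sides carry the same e-mail address
	 */
	private boolean loggedInUserMatchesGaeUser(Authentication authentication,
			User googleUser) {
		assert authentication != null;
		if (googleUser == null) {
			// User has logged out of GAE but is still logged into application
			return false;
		}
		// A principal of another type (a plain String, for instance) used to
		// raise ClassCastException here; treat it as "not the GAE user".
		Object principal = authentication.getPrincipal();
		if (!(principal instanceof AppUser)) {
			return false;
		}
		AppUser gaeUser = (AppUser) principal;
		if (gaeUser.getEmail() == null) {
			// Nothing to compare against: mismatch instead of NullPointerException.
			return false;
		}
		return gaeUser.getEmail().equals(googleUser.getEmail());
	}

	/**
	 * Verifies that the mandatory {@link AuthenticationManager} was injected.
	 *
	 * @throws ServletException declared by the overridden method
	 */
	@Override
	public void afterPropertiesSet() throws ServletException {
		Assert.notNull(authenticationManager,
				"AuthenticationManager must be set");
	}

	/**
	 * Sets the manager used to authenticate the GAE user.
	 *
	 * @param authenticationManager the manager; must not be {@code null} by
	 *                              the time {@link #afterPropertiesSet()} runs
	 */
	public void setAuthenticationManager(
			AuthenticationManager authenticationManager) {
		this.authenticationManager = authenticationManager;
	}

	/**
	 * Replaces the handler invoked when authentication of the GAE user fails.
	 *
	 * @param failureHandler the handler to use instead of the default
	 *                       {@link SimpleUrlAuthenticationFailureHandler}
	 */
	public void setFailureHandler(AuthenticationFailureHandler failureHandler) {
		this.failureHandler = failureHandler;
	}

}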